1. Field of the Invention
The field of the invention is that of cellular mobile radio systems with terminals (also called mobile stations). In the field of cellular mobile radio, European standards include the GSM (Global System for Mobile communications) standard, covering public mobile radio systems operating in the 900 MHz band.
To be more precise, the invention concerns a method of making the use of a terminal of a cellular mobile radio system more secure. The method of the invention can be used in a GSM system, but is not exclusive to that system.
2. Description of the Prior Art
A cellular mobile radio system is implemented within a network of geographical cells through which the mobile stations (or terminals) travel. A base station is associated with each cell and a mobile station communicates through the base station of the cell in which it is located.
The expression mobile station or terminal (both of which are used interchangeably in this description) refer to the physical equipment employed by the user of the network to access the telecommunication services offered. There are various types of terminals, such as vehicle-mounted, portable and hand-portable terminals.
When a user uses a terminal, they generally have to connect a user card that they retain in order for the latter to communicate their subscriber number to the terminal. In the case of the GSM system, the user card that the user must connect to the terminal is a removable memory card called the Subscriber Identity Module (SIM), which communicates to the terminal the user's International Mobile Subscriber Identity (IMSI) number.
In other words, all of the personalized information concerning the subscriber is stored on the user card (or SIM card). Thus, in the general case, any terminal can be used with any user card.
An authentication mechanism prevents unauthorized use of the identity of a network subscriber. It must not be possible for a person knowing only the identity (or IMSI) of a subscriber to pass themselves off as that subscriber to the network. To this end, the user card also contains an individual authentication key and an authentication algorithm. After the subscriber has identified himself or herself, the network can therefore check their identity and break off the procedure if the authentication procedure fails.
Subscribers may inform the network operator or manager that their card has been lost or stolen. This means that any attempt by a third party to use their user card can be detected and barred at system level.
The operator often offers an additional degree of protection of the user card. For this, a Personal Identity Number (PIN) is stored on the user card. Subscribers are asked to enter their PIN code on the keypad of the terminal each time the card is inserted into the terminal or each time that the terminal is switched on. This prevents anyone using a lost or stolen user card if they do not know the PIN code associated with that user card.
Although in the early days of cellular mobile radio systems various means of protecting user cards against unauthorized use were proposed, as explained above, the same cannot be said in respect to protection of the terminals. First generation terminals do not have any particular protection against unauthorized use. Consequently, a lost or stolen terminal can be used by anyone holding a valid user card. The network verifies the validity of the user card but not that of the terminal. In protection terms, the terminal can therefore be classified as "passive".
Each terminal of a cellular mobile radio system is a costly device, whether the cost is met by the subscriber or by the operator. There is therefore an obvious benefit in attempting to make its use more secure, in particular in the event of loss of theft.
Making the use of a terminal more secure generally consists in proposing, in addition to the normal operating mode, a so-called locked mode in which the terminal can be used only with a user card with which it is "locked", called the linked user card. In other words, a link is established between the terminal and a particular user card (the linked user card).
One technique for implementing a locked mode of this kind is described in patent U.S. Pat. No. 4,868,846, assigned to NOKIA MOBILE PHONES LTD. The method described in the above patent includes a phase of creating a terminal/user card link and a phase of verifying the terminal/user card link.
In the link creation phase, the terminal reads the user identification data stored on the user card and stores it in its memory.
During the link verification phase the terminal reads the user identification data stored on the user card with which it is cooperating and compares it with that stored in its memory during the link creation phase, authorizing operation of the terminal or not according to whether the data read and that stored are identical or not.
This prior art technique therefore prevents a terminal being used with a user card other than that with which it has been locked. This prevents unauthorized use of a terminal lost or stolen without its linked user card. This contributes to reducing the number of terminal thefts.
Note that even if the terminal is lost or stolen with its linked user card, it can be used only with the latter. As already explained, the subscriber can tell the operator that their user card has been lost or stolen, so that its use can be barred at system level. Stealing the terminal is therefore of no benefit in this case either.
This prior art technique of making the use of a terminal more secure nevertheless has at least two major drawbacks.
Firstly, it does not totally eliminate all risks of unauthorized use of the terminal. The terminal/user card link is based on the storage in the memory of the terminal of the user identification data (read by the terminal from the user card during the link creation phase). There is nothing to stop a person directly modifying the content of the terminal memory in order to modify the existing locking link. In this case, the identification data of the linked user card is replaced in the terminal memory with new identification data from another user card. In this way, although it is in the locked mode, unauthorized use of the terminal is possible since it sees the other user card as that with which it is linked.
Moreover, this prior art technique is generally combined with protection by requiring subscribers to enter their PIN code each time their user card is inserted into the terminal or each time the latter is switched on. Entering the PIN code can become a nuisance if it has to be carried out many times a day. For this reason, some subscribers leave their terminal switched on in order to avoid having to enter their PIN code several times. Then, even if the locked mode is selected, stealing the terminal when it is switched on and cooperating with its linked user card enables a person to access the services of the network until this is barred at system level after the subscriber has reported the loss of theft of their user card. It must be remembered that, in respect of the use of stolen terminals, there is no barring procedure at system level equivalent to that which exists for stolen user cards.
One objective of the invention is to overcome these drawbacks of the prior art.
To be more precise, one objective of the present invention is to provide a method of making the use of a cellular mobile radio system terminal more secure that completely eliminates all risk of unauthorized use of the terminal.
An additional objective of the invention is to provide a method of the above kind that does not require users to enter their PIN code each time they insert their user card into the terminal or each time they switch the latter on.
A further object of the invention is to provide a method of the above kind that offers not only the advantages offered by the prior art method described in patent U.S. Pat. No. 4,868,846, referred to above, but has additional advantages that cannot be offered by the prior art method.
In other words, one objective of the invention is to provide a method of the above kind which, like the prior art method, allows operation in locked mode in which the terminal can be used only with a particular user card.
A further objective of the invention is to provide a method of the above kind which allows a terminal to be left switched on with its user card inside it but which nevertheless prevents unauthorized use of the terminal, which is not possible with the prior art method.
A further objective of the invention is to provide a method of the above kind enabling local or remote blocking (total prohibition of operation) or unblocking (authorization of operation in locked mode) of a terminal.
Another objective of the invention is to provide a method of the above kind enabling a subscriber having more than one terminal for the same subscription to have at all times at least one terminal providing various "passive reception" functions (answering machine type operation), such as incoming call storage.